SEC Exam Priorities 2026: What RIAs Need to Know and Do Now

Written by Minhee Park | 3/29/26 7:25 AM

Each year, the SEC's Division of Examinations publishes its examination priorities — a forward-looking statement of the areas it intends to scrutinize most intensively across registered investment advisors, broker-dealers, and other market participants. In January 2026, the Division released its annual priorities document identifying artificial intelligence, cybersecurity controls, private fund disclosures, and fiduciary compliance as the headline focus areas for the 2026 examination cycle.

For RIAs, the priorities document is not a compliance checklist — but it is a reliable indicator of where examiners will focus their attention, what questions they will ask, and where deficiency findings are most likely to cluster. Firms that align their internal review and remediation efforts with the published priorities tend to produce better examination outcomes.

This article breaks down the 2026 SEC examination priorities most relevant to registered investment advisors, explains what each priority means for your compliance program, and outlines concrete steps to address the areas of heightened focus before an exam notice arrives.

📌 New to SEC examinations? Before diving into 2026 priorities, check out our step-by-step guide: SEC Exam Preparation for Investment Advisors: A Practical Guide — covering how exams work, what documents are requested, and how to build an exam-ready compliance program.

2026 SEC Examination Priorities at a Glance

The table below summarizes the priority areas most directly applicable to investment advisors, the specific conduct the Division has flagged for review, and the regulatory obligations each area implicates.

Priority Area	What Examiners Will Review	Governing Rule / Authority
Artificial Intelligence	Disclosure of AI use in investment advice; supervision of AI-generated outputs; marketing claims about AI capabilities	Advisers Act §206 (fiduciary duty); Marketing Rule
Cybersecurity	Written information security policies; incident response plans; vendor/third-party risk management	Regulation S-P; proposed Regulation S-AM
Fiduciary Duty	Conflict of interest documentation; best interest analysis for recommendations; fee structure disclosures	Advisers Act §206; Form ADV Part 2
Private Fund Advisers	Compliance with private fund adviser rules; fee and expense allocation; side-letter arrangements	Advisers Act §211; Private Fund Adviser Rules
Regulation Best Interest	For dual registrants: documentation of BI analysis and client disclosures	SEC Regulation BI (Form CRS)
Anti-Money Laundering	For advisers covered by FinCEN's final AML rule: program implementation and suspicious activity monitoring	Bank Secrecy Act; FinCEN Investment Adviser Rule

AI in Investment Advice: The Dominant 2026 Priority

Artificial intelligence has moved from an emerging risk topic to a central examination focus in 2026. The Division has specifically flagged three dimensions of AI use that advisors must be prepared to address.

Disclosure of AI use in client-facing processes. Advisors that use AI tools to generate investment recommendations, screen client portfolios, or produce client communications must disclose this use in their Form ADV and client agreements. The disclosure must be specific enough to allow clients to understand how AI is influencing the advisory process — generic statements that the firm "uses technology" are unlikely to satisfy examiners.

Supervision of AI-generated outputs. Examiners will assess whether the firm has implemented supervisory procedures specifically designed to detect and correct errors or biases produced by AI tools. The fiduciary obligation does not transfer to the algorithm — the advisor remains responsible for the quality of the investment decision, regardless of how it was generated.

Marketing representations about AI. Firms that advertise their use of AI as a competitive differentiator must ensure those representations are accurate and not materially misleading. Under the Marketing Rule, performance claims or capability descriptions that cannot be substantiated create liability.

The practical compliance response is to audit every AI tool currently in use, document its function and its role in the advisory workflow, confirm it is disclosed appropriately, and add AI-specific supervision steps to the firm's written procedures.

Cybersecurity: From Policy to Practice

The 2026 priorities signal that examiners are moving past the question of whether advisors have written cybersecurity policies and focusing on whether those policies are implemented and tested. The gap between policy and practice is where most deficiencies are now found.

Key areas examiners will focus on in 2026 include vendor and third-party risk, incident detection and response capabilities, and employee access controls. Firms that rely on custodians, portfolio management software, or cloud-based CRM systems carry third-party cyber risk that must be addressed in their information security program.

Common deficiency patterns in this area include policies that have not been updated since initial adoption, incident response plans that have never been tested through a tabletop exercise, and employee access controls that have not been reviewed after personnel changes.

Fiduciary Duty and Conflicts of Interest

The Division has indicated it will continue to prioritize fiduciary obligation compliance in 2026, with a specific emphasis on conflicts of interest that are inadequately disclosed or managed. This focus is not new — but the 2026 guidance signals a sharper look at compensation-related conflicts and at advisors who recommend affiliated products or services.

The areas most frequently generating findings include revenue-sharing arrangements with third parties, compensation differentials that favor proprietary products, referral fee arrangements, and fee structures that create incentives to recommend higher-cost share classes.

Common exam patterns in this area reflect three recurring failures:

Conflicts disclosed in Form ADV but not actually managed. A disclosure that says "we may recommend affiliated products" is not sufficient if the firm has no procedure for ensuring those recommendations are still in the client's best interest. Examiners look for evidence that the conflict is actively managed, not merely stated.
Material conflicts omitted from Part 2A entirely. Revenue-sharing arrangements with custodians, solicitor agreements, and referral fee structures are frequently omitted from the conflicts section of the brochure, particularly at smaller firms where these relationships developed organically.
Verbal best-interest explanations with no written documentation. Advisors who make verbal representations that a recommendation is in the client's best interest but maintain no written record to support that conclusion are exposed in an examination.

Private Fund Advisers: Heightened Scrutiny Continues

Advisors to private funds — hedge funds, private equity, venture, and real estate vehicles — face continued elevated scrutiny in 2026 following the implementation of the Private Fund Adviser Rules adopted in August 2023. While portions of those rules were vacated by the Fifth Circuit in June 2024, the Division has indicated it will continue to focus on fee and expense allocation practices, preferential treatment through side-letter arrangements, and conflicts of interest related to GP-led transactions.

Advisers with private fund clients should review their fee and expense allocation methodology, confirm that all side-letter arrangements are disclosed in fund documents, and assess whether any GP-led secondary transactions in 2025 or 2026 triggered related-party conflict obligations.

What to Do Before Your Next Exam: A 2026 Readiness Framework

Aligning with the 2026 examination priorities is not a separate project from general compliance program maintenance — it is an extension of the annual review process. The following steps address the highest-risk areas identified in this year's priorities.

Complete an AI inventory. List every software tool that uses machine learning, algorithmic processing, or generative AI in your investment or client-communication workflow. Document what each tool does, who supervises it, and whether it is disclosed in Form ADV.
Update Form ADV Part 2A for AI and cybersecurity disclosures. Review your brochure language on technology use, conflicts of interest, and cybersecurity practices. If your last ADV update predates your firm's adoption of AI tools, the disclosures are almost certainly stale.
Test your incident response plan. Schedule a tabletop exercise before Q3 2026. Document who participated, what scenario was tested, and what remediation steps were identified. This documentation demonstrates operational seriousness to examiners.
Audit vendor relationships for cyber risk. Identify every third-party system that stores or accesses client data. Confirm each vendor has a current SOC 2 report or equivalent. Review your vendor agreements for data breach notification requirements.
Reconcile your conflicts of interest disclosure against your actual compensation arrangements. Take your current Form ADV Part 2A conflicts section and compare it line-by-line against every revenue-generating relationship the firm has — compensation from custodians, solicitor agreements, referral arrangements, affiliated products. Any gap is a disclosure deficiency.
Conduct the annual review with 2026 priorities as a review lens. Use the Division's published priorities document as a supplemental scope guide for your annual review. Specifically test your AI disclosure, cybersecurity policy implementation, and conflicts management framework.

The Bottom Line

The 2026 SEC examination priorities confirm the direction regulators have been moving for several years: greater scrutiny of technology use in advisory processes, a sharper focus on whether conflicts are actually managed rather than merely disclosed, and continued pressure on firms to demonstrate that written policies match real-world operations.

StratiFi's compliance monitoring platform helps RIAs maintain the continuous portfolio-level oversight and documentation discipline that examination-ready programs require. If you want to understand how your current program maps against the 2026 priorities, we're glad to walk through it with you.

Frequently Asked Questions

Are the SEC exam priorities the same as a list of things we must do?
No. The priorities document describes where the Division intends to focus examination resources — it is not a prescriptive compliance checklist. However, areas flagged in the priorities document are disproportionately likely to appear in examination requests and deficiency letters.

Does the 2026 AI focus mean the SEC will cite firms just for using AI tools?
No. The SEC is not opposed to AI use in investment advisory processes. The focus is on whether AI use is disclosed appropriately, supervised adequately, and consistent with the advisor's fiduciary obligation. Undisclosed or unsupervised AI use creates the compliance risk — not AI use itself.

What is the AML rule for investment advisers and when does it apply?
FinCEN's final rule extending anti-money laundering program requirements to investment advisers was adopted in August 2024. The compliance date is January 1, 2026 for most SEC-registered advisers. The rule requires a written AML program, suspicious activity reporting, and customer identification procedures for applicable client relationships.

What is the difference between an examination priority and a Risk Alert?
An examination priority is a forward-looking statement of areas the Division intends to focus on. A Risk Alert is a retrospective notice that describes deficiency patterns the Division has already observed across multiple examinations. Risk Alerts are often more operationally specific and can be used directly to benchmark compliance program adequacy.